8000 Allow cached requests to bypass sce validation in $templateRequest · Issue #12220 · angular/angular.js · GitHub
[go: up one dir, main page]
Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.
This repository was archived by the owner on Apr 12, 2024. It is now read-only.
Allow cached requests to bypass sce validation in $templateRequest #12220
Closed
Closed
Allow cached requests to bypass sce validation in $templateRequest#12220
Labels
component: misc coretype: refactor
Milestone
 
1.5.x
@IgorMinar

Description

@IgorMinar
IgorMinar
opened on Jun 26, 2015

Once #12219 is implemented, we will be able to bypass sce validation for requests that are already in the template cache.

This is desirable because it allows developers to disable the whitelist, especially remove the 'self' rule for allowing requests to the same domain origin to make it through. The same origin requests are currently allowed by default, which is problematic for applications that contain redirection services (e.g. for tracking clicks to 3rd party sites).

Doing it in this way, would allow us to be backwards compatible for application that populate the template cache as part of the build, while allowing us to ban the whitelist in these applications.

We need to backport this change to the 1.3.x branch as well.

Metadata

Metadata

Assignees

No one assigned

    Labels

    component: misc coretype: refactor

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0